qktag

Privacy Notice

Last updated 2025

Who we are

This Privacy Notice explains how we collect, use and protect personal data when you use qktag. It is written to align with the principles of the EU General Data Protection Regulation ("GDPR") and similar data protection laws. In this notice, "we", "us" and "our" refer to the operator of the qktag service, and "you" refers to an individual user or visitor.

Categories of data we process

Depending on how you use qktag, we may process the following categories of data:

  • Account information – such as your email address, password hash and basic profile settings needed to create and secure your account.
  • Inventory content – details you store in items, attributes, templates and attachments, which may include descriptions, notes, dates, identifiers, and uploaded files you choose to associate with an item.
  • Usage and device data – technical information such as IP address, browser type, operating system, approximate region, access times, and pages or features used. This is typically collected via logs and similar mechanisms to keep the service secure and reliable.
  • Scan interactions – when someone scans a QR code or visits a public item link, we may record that an access occurred, along with limited technical metadata, to help you understand how your tags are being used and to protect against abuse.
  • Billing and subscription data – if you upgrade to a paid plan, we process information necessary to manage your subscription, such as plan type, billing status, payment references and renewal dates. Full payment card data is processed by specialised payment service providers and is not stored by us.
  • Support communications – messages you send to support (for example, by email), including any information you choose to include in those messages.

Purposes and legal bases (GDPR)

Under GDPR we must identify a legal basis for each purpose of processing. We rely on the following:

  • To provide and maintain the service – including authenticating users, storing your inventory content and attachments, rendering dashboards, and serving public item pages you choose to expose. This processing is based on performance of a contract, as it is necessary to deliver the qktag service you sign up for.
  • To manage billing and subscriptions – including processing subscription upgrades, renewals, and cancellations, and enforcing plan limits. This processing is based on performance of a contract and compliance with legal obligations related to accounting and tax.
  • To keep the service secure and reliable – for example, detecting misuse, preventing abuse, troubleshooting issues and generating aggregated usage statistics. This processing is based on our legitimate interests in operating a secure and efficient service that our users can rely on.
  • To communicate with you – such as sending essential service messages, security notifications, or replies to your support requests. These communications are necessary for performance of a contract and our legitimate interests in providing effective support.
  • To comply with law – including responding to lawful requests from public authorities and meeting record-keeping obligations. This processing is based on compliance with legal obligations.

Where we rely on legitimate interests, we only do so after assessing that our interests are not overridden by your fundamental rights and freedoms. If we ever rely on consent for a particular use of your data, you will be able to withdraw that consent at any time.

How we share data

We do not sell your personal data. We share it only when necessary and under strict safeguards:

  • Service providers (processors) – we use specialised third parties to host infrastructure, store files, deliver email, provide authentication, process payments and perform other operational tasks. These providers only process data on our instructions, under written data protection agreements.
  • Other users and the public – when you choose to make an item or specific attributes public, the corresponding information becomes accessible to anyone with the link or by scanning the QR code. You control which attributes are public and can change visibility settings at any time.
  • Legal and compliance – we may disclose information if required to do so by law, or in response to valid legal processes, or to protect our rights, safety, or the rights and safety of others.

International data transfers

Our service may be operated from, and data may be stored in, countries other than your own. Where personal data is transferred from the European Economic Area (EEA) or United Kingdom to a country that has not been recognised as providing an adequate level of protection, we rely on appropriate safeguards under GDPR, such as standard contractual clauses or equivalent legal mechanisms, combined with technical and organisational measures designed to protect your data.

Retention of data

We retain personal data only for as long as necessary for the purposes described in this notice:

  • Account and profile data are kept for as long as your account remains active and for a limited period thereafter where needed for legitimate business, security or legal reasons.
  • Inventory items, attributes, attachments and templates are stored until you delete them or delete your account, subject to reasonable backup and logging periods.
  • Billing and subscription records are retained as required by applicable tax and accounting laws.
  • Log and security data may be kept for a period sufficient to investigate incidents, defend against claims and improve service reliability.

When data is no longer needed, we either delete it or irreversibly anonymise it so that it can no longer be linked back to an identifiable individual.

Your rights under GDPR

Subject to certain conditions and limitations, individuals in the EEA, UK and other jurisdictions with similar laws have the following rights:

  • Right of access – to obtain confirmation as to whether we process your personal data and to receive a copy of that data.
  • Right to rectification – to have inaccurate or incomplete personal data corrected.
  • Right to erasure – to request deletion of your personal data where there is no longer a legal basis for us to keep it ("right to be forgotten").
  • Right to restriction – to ask us to limit the processing of your personal data in certain circumstances.
  • Right to data portability – to receive personal data you provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible.
  • Right to object – to object to processing based on our legitimate interests, on grounds relating to your particular situation. We will stop processing unless we can demonstrate compelling legitimate grounds or the processing is required for legal claims.
  • Right to withdraw consent – where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

You can exercise many of these rights directly in the product—for example by updating your profile, changing visibility settings, exporting data or deleting items. If you need additional assistance, contact us using the details below.

Your controls and choices

From the Account and Items pages, you can manage what you store and how it is shared:

  • Adjust whether an item is private or public, and control visibility at the attribute level where supported by your plan.
  • Add, update or delete items, attributes, templates and attachments at any time.
  • Delete your account, which will remove your items, templates, attachments and user preferences from the active service after a short processing period.

Security

We implement technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include access controls, encryption in transit, least-privilege practices, monitoring and regular review of our infrastructure and application behaviour. No online service can guarantee absolute security, but we work continuously to improve our defences.

Children's data

qktag is not directed at children and is intended for use by adults and organisations. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us so we can take appropriate action.

Contact and complaints

If you have questions about this Privacy Notice or how we handle personal data, you can contact us at support@qktag.com. If you are located in the EEA or UK and believe that our processing of your personal data infringes applicable law, you also have the right to lodge a complaint with your local data protection authority.

Changes to this notice

We may update this Privacy Notice from time to time to reflect changes in our service, legal requirements or best practices. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice within the product. Your continued use of qktag after an update means you accept the revised notice.